Netra: Sun's Instant Web Server
by Don Larson Instant" is hardly a new buzzword in Internet parlance. But lately it's being used much more frequently to describe Web-related products. From one-button HTML converters to Rapid Application Development tools, the Web is full of programs so simple even your boss could use them.
The Web server market is no exception. For some time now, hardware vendors have been offering server-in-a-box solutions, complete with all the hardware and software you need to be connected to the world in minutes. But do any of them live up to the promise of quick-and-easy configuration? To find out, Web Developer� put one of the top sellers, Sun Microsystems' Netra Internet Server, to the test.
When I first encountered the concept of "instant" Web servers, my initial thought, probably shared by many of you, was: "Instant" for who? The senior MIS guys--sure. But they're the same ones who can completely configure a server simply by hacking away at the Unix command line--and who probably haven't seen the inside of a user's manual since high school. The fact that they could easily set up a shrink-wrapped server is kind of a moot point.
But what about individuals with less expertise? Someone in a remote branch office, or a beginning ISP, for instance. For a real-world challenge to the promise of "Your own Web server in 30 minutes," it seemed the best benchmark would be to see if a person with less experience--even a novice--could complete the task.
Well, I've been working on or around the Web in one capacity or another for about three years now, so I don't consider myself a Totally Clueless Newbie. At the same time, most of that work has been on the other side of the server, designing and managing Web sites. What time I have spent behind the firewall has most often been peering over the shoulder of one of those MIS types mentioned above, usually watching them hack into someplace they weren't supposed to be.
So on the scale of networking expertise, I guess I'd fall somewhere well short of MacGyver. Thus, my fearless editor thought I would be uniquely qualified for the job. I was curious to try my hand at something new. Sun was gracious enough to provide us with a little lab space and a loaner Netra on which to conduct our experiment. We were set to go.
Out of the Box
We decided to test a mid-line model of Sun's Netra Internet server family, the Netra i 1/170E, release 3.1. Retailing at around $18,895 for a standard configuration, the 170E is a desktop computer equipped with a 167 MHz UltraSPARC processor, 64 MB of memory (expandable to a full gigabyte) and a 2.1 GB internal hard drive (expandable to 328 GB). A 1.44 MB floppy, 4X SunCD drive and 17-inch color monitor are also standard. Our loaner was installed with 10 Mbps Ethernet hardware, although 100 Mbps Fast Ethernet is also an option.
The machine comes with a number of pre-installed software packages, including the operating environment, Solaris 2.5; Netscape's Enterprise Server, LiveWire site management and Navigator Gold authoring software; and Sun's Java Development Kit (JDK). Sun also provides comprehensive security management via a built-in firewall, the Solstice FireWall-First!, as well as Haystack Labs' WebStalker monitoring system and Trend Micro's VirusWall for Internet gateways, which come on CD-ROM. Finally, a Recovery CD is also part of the package, should you ever experience a serious systems failure.
In order to simulate real-world conditions, and at our specific request, the machine was still in the box when I arrived at Sun's campus. Much to Sun's credit, getting the Netra out of the box by myself turned out to be one of the most difficult parts of the setup.
Once it was sitting on the table, I had to plug in all the external connections: power, keyboard, monitor, and the Ethernet cable. Pretty straightforward, basically like setting up your PC at home, except you probably don't have 10Base-T running into the study.
Sun didn't have a modem handy, so I couldn't connect to the network in that fashion. However, remote offices not fortunate enough to have a direct link to the company intranet, or commercial sites connecting to their ISPs via modem would simply run the ISDN line through the serial port. An internal ISDN board is also available as optional equipment on the Netra i.
Cleared For Launch
Fully wired, it was time for ignition. I flipped the switch and the machine began to boot up. The system ran through its diagnostics and began loading programs, flashing the usual computerese on the screen.
Suddenly, something very unexpected happened--the box began talking to me. A very faint but pleasant "Your door is ajar"ish voice was telling me something about the computer that I couldn't quite make out. What made it even more of a surprise was that no external speakers were in sight. As I searched under and behind the monitor, the tech guy who was on hand to answer any questions I might have (and bail me out, I suspect, in the event I became totally discombobulated) informed me that the box was equipped with internal speakers.
Of course, the first thing I wanted to do was turn up the volume, so that I could hear what "she" was saying (a symptom caused by one too many Pearl Jam concerts), but my answer man said there was no volume control. Later, I found that, like almost everything else on the machine, the volume can be adjusted on the Netra administration interface's home page (Not even the tech guy knew this, so we both learned something new that day).
When I rebooted the computer later in the process, I could hear more clearly. As it turns out, unfortunately, the voice only lets you know that the server is being configured and when the process is complete. I thought it would be cool if the computer provided play-by-play commentary as it loaded and configured the server, and maybe even gave you system stats like memory usage. Perhaps that's something Sun should consider in future releases. In the end, it's still a nice little feature.
Up to this point, I had been able to play it pretty much by ear. But now I was faced with a blinking cursor at the console prompt, and only a vague idea of what to do next. For the most part, I'm a stereotypical "When all else fails, read the manual" male. However, for the sake of clarity, and because this was my first time setting up a Web server, I decided this might be a good time to review the instructions.
The Netra Internet Server 3.1 User's Manual is a fully-illustrated, 173 page printed guide that accompanies the server. Written on a very newbie-friendly level, the manual is divided into six sections that walk you step-by-step through each phase of the setup process--from setting up the server, network services and connection administration to security, system administration and crash recovery. I say "newbie-friendly" because the booklet certainly begins at the beginning, even providing an overview chapter that details what an ISP is and gives a diagrammatic breakdown of a sample network topology. More importantly, the manual devotes entire chapters to more complex matters such as Domain Name Service administration, routing, and configuring various types of network connections.
Online instruction is also accessible via help icons located at the bottom of each page of the Netra administration interface, an HTML-based application which operates within a Web browser. These icons link to pertinent sections of the hypertext version of the user's manual. In addition, many of the less-familiar terms used in the interface are also hyperlinked to an online glossary, making for quick and easy searching. All in all, the Netra is equipped with more than adequate help features. Follow the user's manual down the line, as I did, and you'll soon have an operational Web server. Which brings us back to that blinking cursor.
Administration By Browser
At the console login, I entered "setup" at both the user and password prompts, per the manual's instructions, and the computer automatically launched a copy of Sun's HotJava browser. To authenticate the browser connection, I was prompted to enter the same user name and password once again, which opened the welcome page of the Netra Administration interface in the browser. Here, I clicked on the "Administration" link, and arrived at the Main Administration home page. As the name suggests, this page gives you hyperlink access to all the various administrative configuration pages, or "modules."
From network services to system administration, the modules rarely consist of more than two or three separate pages, each equipped with a "home" button that will return you directly to the main administration page. Many modules require as little as a single line of input, making configuration of the server almost trivial.
Each time you complete a configuration successfully, the interface displays a "thumbs up" logo for a bit of positive reinforcement. And any time you screw up, a warning screen pops up explaining exactly what you did wrong, making it virtually impossible to do something that would bring the whole system to its knees. This intuitive setup makes for quick and easy navigation and, ultimately, a very user-friendly interface--especially when compared to attempting the same tasks with nothing more than complex Unix commands entered manually at a prompt.
Take a Deep Breath
I began the initial configuration by entering a host name--the name and IP address that the server would be known by on the network. Here, my tech support man provided the name of a real server on the Sun network, so that we could actually connect to Sun's intranet for testing purposes later in the process. In the real world, you would receive a server name and address from your company system administrator or ISP. After typing the name and IP address in the text boxes, I clicked "OK" and got a big thumbs up. I was on a roll.
Then I hit my first snag. The manual simply read: "Complete the System Administrator Alias, Root Password, Administration Web Server, and Local Area Network configuration tasks." Unfortunately, that's all it read; no cross reference, no "See Chapters 15-18." I flipped through the pages a few times, then finally resorted to asking for a hint from the answer man, who responded that he really hadn't looked at the manual much at all (see, I told you!). Just when I thought we were going to have to taint our little experiment with outside help, I began to find the corresponding chapters and subsections, which were interspersed in the back of the manual. My tech guide made a note and said the problem would be fixed in future releases. To Sun's credit, I found the online help and glossary also provided adequate information to complete the tasks, so all would not have been lost.
In the end, the modules turned out to be so trivial, it was hardly worth the search. To configure the system administrator alias, you simply enter the e-mail addresses of each person who will receive mail addressed to the sysadmin, or Unix root user. Changing the root, or "superuser" account password is a matter of entering and verifying a new password.
Configuring the administration server is a two-step process in which you first change the administration password, as above, and then enter the IP addresses of the other computers on the network that you want to have access to the administration server. Finally, the LAN module allows you to add network protocols, such as TCP/IP or IPX/SPX, so that other client machines on the network will be able to access the server. I added TCP/IP simply by clicking its hyperlink and entering our IP address. If only all the networking stuff I've attempted in the past had been that easy!
At this point, the administration interface automatically returned to the home page and displayed a message indicating that it might be a good time to restart the computer in order to save the system changes I had made. You can complete the entire server setup before you ever reboot. If you're attached to an actual network, however, any client machines previously connected to the server would be confused by the configuration changes, locking up their browsers at the very least. So I selected "Restart and Shutdown" on the administration home page, which opened a final module. From here, you can set the system to automatically check for new devices and even program a delay before restart (in case you have to disconnect a remote client from the server before reboot).
With the system restarted and the changes saved, I had completed the initial configuration. I decided it might be a good time to get back in sync with the manual. From this point, the manual basically goes down the list of modules as they are ordered on the main administration page. As I mentioned before, many of the modules are less than two or three screens, and the majority only consisted of a single page.
By now, about an hour into the process, I was ready to declare this the best feature of the Netra, because the lab I was in was kept at a temperature of just 59 degrees F., in order to offset the heat generated by a large number of servers. It was time to pick up the pace.
Next on the agenda was network services administration: FTP, Mail, Name Service and configuration of Netscape's Enterprise Web Server. Setting up anonymous FTP is a matter of clicking one of three radio buttons: either enabling full upload and download, upload only, or disabling file transfer altogether. To configure the server as a mail gateway, the module prompts you to enter a return address for mail originating from the server, as well as any personal or group aliases.
The Netra provides three types of name services: local, where name resolution is completed by looking up the address in a local file; NIS (Network Information Service), where host names are resolved by another machine on the LAN; and standard DNS (Domain Name Service).
Name service administration is one of the more involved modules in the entire configuration process. However, the chapter discussing it is also one of the most detailed, defining the different aspects of each type of name service and providing full step-by-step coverage.
As an example, I configured the server as a DNS client, which only required that I enter my server's domain name, plus the addresses of primary and secondary DNS servers, as well as an optional third backup.
Configuring the box as a DNS server is a bit more complicated, but straightforward, task. For that, you must enter host names and aliases, along with mail and DNS servers. Again, the manual is helpful in all cases, providing detailed instructions and examples as it goes.
Finally, I was ready to configure the actual HTTP daemon, Netscape's Enterprise Server. I assumed this would be the most involved task of all. When I turned to the manual, however, there was only a single page on the topic. As I opened the Enterprise Server module, I could see why. Getting Netscape's server up and running requires all of two mouse clicks!
On the Enterprise administration home page, I selected "Install." When the entry screen popped up, it had already read the server name, identifier and user and assigned the server port. Other items, like the number of processes and the minimum/maximum number of threads had already been assigned the optimized settings for Solaris 2.5, so there was really nothing to enter or change. I simply clicked "Start," and a screen with a little on/off switch graphic appeared, informing me that the server had been successfully started.
Of course, there are a number of other settings and features included in the Enterprise package, such as encryption, programming via LiveWire or the JDK (Java Development Kit), and developing Web pages with Navigator Gold. But the initial configuration to get the server up and running was the easiest task of the day.
All that remained now was setting up the rest of the third-party software: the Firewall-First, WebStalker and VirusWall packages. Like all the other software, each program came complete with both printed and online documentation. More importantly, each one was also equipped with an extremely simple, point-and-click GUI.
The Firewall-First main administration page shows the system status (secure or insecure) and the number of outgoing sessions, as well as the current security policy. To allow or disable different incoming and outgoing services--Telnet, FTP, Mail, etc.--you simply select "Modify Policy" and click on the specific service you wish to change. You can also set how often the policy and log file are updated, or set them to be updated offline so that they have to be requested manually.
WebStalker and VirusWall had to be installed from CD-ROM. This was done on the Netra main administration page through the "Software Management" module. Once the packages were installed, I simply rebooted, and the system automatically detected the new software and created a link on the main administration page. For each program, selecting this hyperlink opened the respective user interface, and making the application operational was simply a matter of clicking the "Start" icon. Both WebStalker's security policy and VirusWall's scan settings allowed you to make changes through a GUI similar to that of the firewall.
With the system, services, server, and security modules all properly configured and in place, it was time for another test. After my tech support man entered the addresses of Sun's proxy servers, I fired up a browser and, with a brief drum roll, attempted to connect to--where else--the Web Developer� site, which came right up! Almost two hours and a lot of new knowledge later, my computer was connected to the world.
True, Sun had promised a complete setup in 30 minutes. But considering the number of notes I was taking to compensate for my brain's lack of disk storage, I would say that my total hands-on time was less than an hour. Not bad for a first try.
Certainly, anyone with expertise in this area would find half an hour an easy time to beat. Ultimately, the ease and intuitiveness of the Netra interface, combined with the thorough, user-friendly documentation, do indeed deliver an almost "instant" server-in-a-box solution. And, yes...even your boss should be able to handle this one.
Reprinted from Web Developer� magazine, Vol. 3 No.1 Jan/Feb. 1997 (c) 1997 . All rights reserved.